Privacy Policy

Last updated: May 23, 2026

Overview

Just For Phishing is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our cybersecurity training platform.

Information We Collect

Just For Phishing is primarily a client-side training platform. You do not need an account, and we do not ask for names, email addresses, passwords, or employer details to use the training modules.

• Local training data: module progress, quiz scores, completion status, and achievements are stored locally in your browser using localStorage. This training data is not uploaded to a Just For Phishing server.
• Aggregate analytics: we use Google Analytics 4 to understand site traffic and improve the training content. GA4 may collect page views, approximate location, device/browser information, referral source, module start/completion events, score ranges, and link/CTA clicks. We do not send names, email addresses, employer details, individual answers, or full local training history to GA4, and we do not use GA4 to identify individual learners or combine analytics with account data.
• Server/CDN logs: GitHub Pages and Cloudflare may process standard technical logs such as IP address, user agent, URL, and timestamp to deliver the site, protect against abuse, and troubleshoot reliability.
• GitHub: if you interact with our GitHub repository, GitHub's privacy policy applies.

How We Use Information

Local training data is used only in your browser to:

• Track your progress through training modules
• Display your scores and achievements
• Provide a personalized learning experience

Aggregate analytics are used to understand which modules are useful, where visitors find the site, which devices/browsers need support, and where content should be improved. We do not sell analytics data and do not use it for advertising or retargeting.

Cookies & Local Storage

The training platform uses localStorage to keep progress on your device. Google Analytics may use cookies or similar technologies depending on browser settings and consent controls. You can clear local training data by:

• Clearing your browser's localStorage for this site
• Using your browser's "Clear browsing data" feature
• Using privacy tools or browser settings to block analytics scripts

Data Security

Because training progress stays in your browser, you have direct control over it. The public site is served over HTTPS, and we use reputable hosting/CDN providers to deliver static files securely.

Third-Party Links

Our platform may contain links to external websites (such as security resources or documentation). We are not responsible for the privacy practices of these external sites.

Open Source

Just For Phishing is open source. You can review our entire codebase on GitHub to verify our privacy claims.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

Contact Us

If you have questions about this Privacy Policy, please contact us or open an issue on our GitHub repository.